\documentclass[10pt,a4paper]{article} % Packages \usepackage{fancyhdr} % For header and footer \usepackage{multicol} % Allows multicols in tables \usepackage{tabularx} % Intelligent column widths \usepackage{tabulary} % Used in header and footer \usepackage{hhline} % Border under tables \usepackage{graphicx} % For images \usepackage{xcolor} % For hex colours %\usepackage[utf8x]{inputenc} % For unicode character support \usepackage[T1]{fontenc} % Without this we get weird character replacements \usepackage{colortbl} % For coloured tables \usepackage{setspace} % For line height \usepackage{lastpage} % Needed for total page number \usepackage{seqsplit} % Splits long words. %\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely. \usepackage[normalem]{ulem} % For underlining links % Most of the following are not required for the majority % of cheat sheets but are needed for some symbol support. \usepackage{amsmath} % Symbols \usepackage{MnSymbol} % Symbols \usepackage{wasysym} % Symbols %\usepackage[english,german,french,spanish,italian]{babel} % Languages % Document Info \author{fred} \pdfinfo{ /Title (active-recon.pdf) /Creator (Cheatography) /Author (fred) /Subject (Active Recon Cheat Sheet) } % Lengths and widths \addtolength{\textwidth}{6cm} \addtolength{\textheight}{-1cm} \addtolength{\hoffset}{-3cm} \addtolength{\voffset}{-2cm} \setlength{\tabcolsep}{0.2cm} % Space between columns \setlength{\headsep}{-12pt} % Reduce space between header and content \setlength{\headheight}{85pt} % If less, LaTeX automatically increases it \renewcommand{\footrulewidth}{0pt} % Remove footer line \renewcommand{\headrulewidth}{0pt} % Remove header line \renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit % This two commands together give roughly % the right line height in the tables \renewcommand{\arraystretch}{1.3} \onehalfspacing % Commands \newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour \newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols \newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns \newcommand{\tn}{\tabularnewline} % Required as custom column type in use % Font and Colours \definecolor{HeadBackground}{HTML}{333333} \definecolor{FootBackground}{HTML}{666666} \definecolor{TextColor}{HTML}{333333} \definecolor{DarkBackground}{HTML}{E08A34} \definecolor{LightBackground}{HTML}{FDF7F2} \renewcommand{\familydefault}{\sfdefault} \color{TextColor} % Header and Footer \pagestyle{fancy} \fancyhead{} % Set header to blank \fancyfoot{} % Set footer to blank \fancyhead[L]{ \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{C} \SetRowColor{DarkBackground} \vspace{-7pt} {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}} } \end{tabulary} \columnbreak \begin{tabulary}{11cm}{L} \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{Active Recon Cheat Sheet}}}} \\ \normalsize{by \textcolor{DarkBackground}{fred} via \textcolor{DarkBackground}{\uline{cheatography.com/22666/cs/4695/}}} \end{tabulary} \end{multicols}} \fancyfoot[L]{ \footnotesize \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{LL} \SetRowColor{FootBackground} \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\ \vspace{-2pt}fred \\ \uline{cheatography.com/fred} \\ \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\ \vspace{-2pt}Published 30th July, 2015.\\ Updated 9th September, 2016.\\ Page {\thepage} of \pageref{LastPage}. \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\ \SetRowColor{white} \vspace{-5pt} %\includegraphics[width=48px,height=48px]{dave.jpeg} Measure your website readability!\\ www.readability-score.com \end{tabulary} \end{multicols}} \begin{document} \raggedright \raggedcolumns % Set font size to small. Switch to any value % from this page to resize cheat sheet text: % www.emerson.emory.edu/services/latex/latex_169.html \footnotesize % Small font. \begin{multicols*}{3} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Stealth Scanning Strategies}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{Risk = Discovery By The Target.}} \newline % Row Count 1 (+ 1) Camouflage tool signatures to avoid detection. \newline % Row Count 2 (+ 1) Hide attack in legitimate traffic. \newline % Row Count 3 (+ 1) Modify attack to hide source, type of traffic. \newline % Row Count 4 (+ 1) Make attack invisible using non-standard traffic types \& encryption.% Row Count 6 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Adjust Source IP Stack \& Tool ID - STEALTH 1}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Disable Unnecessary Services: \newline % Row Count 1 (+ 1) {\bf{Disable DHCP `chkconfig dhcpd off`}} \newline % Row Count 2 (+ 1) {\bf{Disable IPv6 `nano /etc/sysctl.conf` }} \newline % Row Count 3 (+ 1) `\#disable ipv6` \newline % Row Count 4 (+ 1) \seqsplit{`net.ipv6.conf.all.disable\_ipv6} = 1` \newline % Row Count 5 (+ 1) \seqsplit{`net.ipv6.conf.default.disable\_ipv6} = 1` \newline % Row Count 6 (+ 1) \seqsplit{`net.ipv6.conf.lo.disable} = 1` \newline % Row Count 7 (+ 1) Tools often tag packets with an id sequence that can trigger IDS. Test tools against VM's and review system logs for the tool's name. Use {\bf{Wireshark}} to capture traffic then search pcaps for keywords attributed to the testing tool. \newline % Row Count 12 (+ 5) {\bf{Set Metasploit UserAgent to Google Indexing Spider}}: {\bf{ www.useragentstring.com }} \newline % Row Count 14 (+ 2) `use \seqsplit{auxiliary/fuzzers/http/http\_form\_field`} \newline % Row Count 15 (+ 1) `set UserAgent` \newline % Row Count 16 (+ 1) `set UserAgent Googlebot/2.1 \seqsplit{(+http://www.google.com/bot.html)`}% Row Count 18 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Modify Packet Parameters - STEALTH 2}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{Identify the goal before scanning}} and send the minimum number of packets. \newline % Row Count 2 (+ 2) {\bf{Avoid scans that connect with target system}} and leak data. \newline % Row Count 4 (+ 2) {\bf{Do not ping the target or use}} synchronize (SYN) and nonconventional packet scans, such as acknowledge (ACK), finished (FIN), and reset (RST) packets. \newline % Row Count 8 (+ 4) {\bf{Randomize / spoof packet settings}} source IP, port address, MAC address. \newline % Row Count 10 (+ 2) {\bf{Adjust timing}} to slow the arrival of packets at the target. \newline % Row Count 12 (+ 2) {\bf{Change packet size by fragmenting}} packets or appending random data to confuse packet inspection devices. \newline % Row Count 15 (+ 3) {\bf{\{\{fa-file-text\}\}nmap}} must be run as root \newline % Row Count 16 (+ 1) {\bf{\{\{fa-file-text\}\}nmap stealth \seqsplit{http://nmap.org/book/man-bypass-firewalls-ids.html} }}% Row Count 18 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Anonymity (Tor \& Privoxy) - STEALTH 3}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{Onion routing enables online anonymity}} by encrypting user traffic and then transmitting it through a series of onion routers. At each router, a layer of encryption is removed to obtain routing information, and the message is then transmitted to the next node. \newline % Row Count 6 (+ 6) \{\{fa-plus\}\}{\bf{Install Tor}} \newline % Row Count 7 (+ 1) `apt-get install tor` \newline % Row Count 8 (+ 1) `nano /etc/Proxychains.conf` \newline % Row Count 9 (+ 1) Disable `strict\_chains`. Enable `dynamic\_chains` \newline % Row Count 10 (+ 1) Edit `{[}ProxyList{]}` and ensure `socks 5 127.0.0.1 9050` exists. \newline % Row Count 12 (+ 2) {\bf{Start Tor}} `service tor start` \newline % Row Count 13 (+ 1) {\bf{Verify Tor}} `service tor status` \newline % Row Count 14 (+ 1) {\bf{Verify Source IP}} `iceweasel www.whatismyip.com` \newline % Row Count 16 (+ 2) {\bf{Invoke Tor Routing with Proxychains}} `proxychains iceweasel www.whatismyip.com` \newline % Row Count 18 (+ 2) {\bf{Whois lookup the IP to confirm Tor is active.}} \newline % Row Count 19 (+ 1) {\bf{Tor Verify \seqsplit{ttps://check.torproject.org} }} \newline % Row Count 20 (+ 1) {\bf{DNS Leak Test www.dnsleaktest.com }} \newline % Row Count 21 (+ 1) {\bf{\{\{fa-exclamation-triangle\}\}Note}} \newline % Row Count 22 (+ 1) {\bf{Owners of exit nodes can sniff traffic}} and may be able to access credentials. \newline % Row Count 24 (+ 2) {\bf{Vulnerabilities in Tor Browser Bundle}} can be used by law enforcement to exploit systems \newline % Row Count 26 (+ 2) {\bf{ProxyChains does not handle UDP}} \newline % Row Count 27 (+ 1) {\bf{Some applications will not run}} - Metasploit, Nmap... Stealth SYN scan breaks out of proxychains and can leak information to the target. \newline % Row Count 30 (+ 3) } \tn \end{tabularx} \par\addvspace{1.3em} \vfill \columnbreak \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Anonymity (Tor \& Privoxy) - STEALTH 3 (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{Browser applications can leak your IP}} (ActiveX, PDF, Flash, Java, RealPlay, QuickTime). \newline % Row Count 2 (+ 2) {\bf{Clear \& block cookies before browsing.}} \newline % Row Count 3 (+ 1) \{\{fa-download\}\}{\bf{ Tor-Buddy}} \newline % Row Count 4 (+ 1) Allows you to control how frequently the {\bf{Tor IP is refreshed}}:{\bf{ \seqsplit{http://sourceforge.net/projects/linuxscripts/files/Tor-Buddy/} }}% Row Count 7 (+ 3) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Zenmap - STEP 1}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{\{\{fa-file-text\}\}Zenmap }} \newline % Row Count 1 (+ 1) {\bf{ http://nmap.org/zenmap/ }} \newline % Row Count 2 (+ 1) The Official Nmap Security Scanner GUI. \newline % Row Count 3 (+ 1) Use this an entry point and then use nmap scans to gather additional data.% Row Count 5 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Maltego}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{Maltego {\bf{\{\{fa-download\}\} www.paterva.com }} is an {\bf{open source intelligence and forensics}} application for visualizing relationships among data that use data mining and link analysis.% Row Count 4 (+ 4) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Identifying Network Infrastructure}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{\{\{fa-file-text\}\} traceroute}} provides basic information on packet filtering abilities. \newline % Row Count 2 (+ 2) {\bf{\{\{fa-file-text\}\} lbd}} Uses two DNS- and HTTP-based techniques to detect load balancers \newline % Row Count 4 (+ 2) {\bf{\{\{fa-file-text\}\} miranda.py}} Identifies universal plug-and-play and UPNP devices \newline % Row Count 6 (+ 2) {\bf{\{\{fa-file-text\}\} nmap}} Detects devices and determines the operating systems and their version \newline % Row Count 8 (+ 2) `nmap -sSV -A -p- -T5 192.168.56.101` \newline % Row Count 9 (+ 1) {\bf{Shodan}} search engine identifies devices connected to the Internet, including those with default passwords, known misconfigurations, and vulnerabilities% Row Count 13 (+ 4) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Live Host Discovery}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{Run ping sweeps}} against a target address space and look for responses that indicate a particular target is live. (TCP, UDP, ICMP, ARP) \newline % Row Count 3 (+ 3) {\bf{\{\{fa-file-text\}\}alive6}} \{\{fa-file-text\}\}{\bf{detect-new-ip6}} - IPv6 host detection. detect-new-ip6 runs on a scripted basis and identifies new IPv6 devices when added. \newline % Row Count 7 (+ 4) {\bf{\{\{fa-file-text\}\}dnmap}} {\bf{\{\{fa-file-text\}\}nmap}} - nmap is the standard network enumeration tool. dnmap is a distributed client-server implementation of the nmap scanner. PBNJ stores nmap results in a database, and then conducts historical analyses to identify new hosts. \newline % Row Count 13 (+ 6) {\bf{\{\{fa-file-text\}\}fping \{\{fa-file-text\}\}hping2 \{\{fa-file-text\}\}hping3 \{\{fa-file-text\}\}nping}} - Packet crafters that respond to targets in various ways to identify live hosts% Row Count 17 (+ 4) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Port Scanning}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{ \seqsplit{http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml} }} \newline % Row Count 2 (+ 2) {\bf{Nmap port discovery is very noisy}} and will be logged by network security devices. \newline % Row Count 4 (+ 2) {\bf{Only test necessary ports.}} \newline % Row Count 5 (+ 1) {\bf{Port scanning can impact a network}} and old equipment might lock.% Row Count 7 (+ 2) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Determining Active Services}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{Identify default ports and services.}} \newline % Row Count 1 (+ 1) {\bf{Banner Grabbing}} \newline % Row Count 2 (+ 1) {\bf{\{\{fa-file-text\}\}netcat \{\{fa-file-text\}\}nmap \{\{fa-file-text\}\}telnet}} \newline % Row Count 4 (+ 2) {\bf{Review Default Web Pages}}: Some applications install with default administration, error, or other pages. \newline % Row Count 7 (+ 3) {\bf{Review Source Code}}: Poorly configured web-based applications may respond to certain HTTP requests such as HEAD or OPTIONS with a response that includes the web server software version, and possibly, the base operating system or the scripting environment in use.% Row Count 13 (+ 6) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Fingerprinting the OS}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{Active:}} The attacker sends normal and malformed packets to the target and records its response pattern (fingerprint) which is compared to the database to determine the OS \newline % Row Count 4 (+ 4) {\bf{Passive:}} The attacker sniffs, or records and analyses the packet stream to determine the characteristics of the packets. \newline % Row Count 7 (+ 3) {\bf{\{\{fa-file-text\}\}xprobe2}} uses different TCP, UDP, ICMP packets {\bf{to bypass firewalls and avoid detection by IDS / IPS systems.}}% Row Count 10 (+ 3) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Nmap Scripting Engine (NSE)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{ http://nmap.org/nsedoc/ }} \newline % Row Count 1 (+ 1) Scripts are written in {\bf{LUA}} \newline % Row Count 2 (+ 1) {\bf{Recon of IPv4 \& IPv6 DNS}} data \newline % Row Count 3 (+ 1) {\bf{Identify web application firewalls, IDS, IPS}} \newline % Row Count 4 (+ 1) {\bf{Test firewall rulesets}} (via firewalk) and attempting to bypass the firewall \newline % Row Count 6 (+ 2) {\bf{Harvesting user names}} from target and online sites \newline % Row Count 8 (+ 2) {\bf{Brute-force guessing of passwords}} \newline % Row Count 9 (+ 1) {\bf{Crawling the target network}} to identify network shares \newline % Row Count 11 (+ 2) {\bf{Extract EXIF metadata}} from images in a defined website \newline % Row Count 13 (+ 2) {\bf{Geographical localization of IP's}} \newline % Row Count 14 (+ 1) Network attacks such as IPv6 packet flooding \newline % Row Count 15 (+ 1) {\bf{Fuzzing and SQL injection}} testing \newline % Row Count 16 (+ 1) \{\{fa-download\}\} {\bf{Screenshot Web Services}} (wkhtmltoimage) \seqsplit{http://wkhtmltopdf.googlecode.com} \newline % Row Count 18 (+ 2) \{\{fa-download\}\}{\bf{Screenshot NSE Script}} \seqsplit{https://github.com/SpiderLabs/Nmap-Tools/blob/master/NSE/http-screenshot.nse}% Row Count 21 (+ 3) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Recon-ng}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{\{\{fa-file-text\}\}recon-ng}} \newline % Row Count 1 (+ 1) Modules are written in python. \newline % Row Count 2 (+ 1) {\bf{`show`}} available modules. \newline % Row Count 3 (+ 1) {\bf{`search`}} available modules. \newline % Row Count 4 (+ 1) {\bf{`info`}} information on how the module works. \newline % Row Count 5 (+ 1) {\bf{`show options`}} options that can be set. \newline % Row Count 6 (+ 1) {\bf{`set`}} sets the options. \newline % Row Count 7 (+ 1) {\bf{`run`}} to execute. \newline % Row Count 8 (+ 1) {\bf{Harvest contacts}} (whois, jigsaw, linkedin, twitter)(use the mangle module to extract and present e-mail data) \newline % Row Count 11 (+ 3) {\bf{Identify hosts}} \newline % Row Count 12 (+ 1) {\bf{Identify geographical locations}} of hosts and individuals using hostop, ipinfodb, maxmind, uniapple, wigle \newline % Row Count 15 (+ 3) {\bf{Identify host information}} using netcraft and related modules \newline % Row Count 17 (+ 2) {\bf{Identify account and password information}} that has previously been compromised and leaked onto the Internet (the pwnedlist modules, wascompanyhacked, xssed, and punkspider)% Row Count 21 (+ 4) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{5.377cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{5.377cm}}{\bf\textcolor{white}{Vulnerability Scanning}} \tn \SetRowColor{white} \mymulticolumn{1}{x{5.377cm}}{{\bf{Loud and easily detected}} \newline % Row Count 1 (+ 1) {\bf{Usually signature based}} and can only detect known vulnerabilities with recognition signatures. \newline % Row Count 3 (+ 2) {\bf{Falsepositive results with a rate as high as 70\%}} \newline % Row Count 5 (+ 2) {\bf{Network Scanning Watch List}} for devices known to fail when scanned www.digininja.org \newline % Row Count 7 (+ 2) {\bf{\{\{fa-exclamation-triangle\}\} Scanning may breach laws}} in some countries \newline % Row Count 9 (+ 2) In Kali, found in Vulnerability Analysis submenu and Web Vulnerability Scanners menu. \newline % Row Count 11 (+ 2) {\bf{OpenVAS}} Open Vulnerability Assessment System \newline % Row Count 12 (+ 1) {\bf{Nexpose}} www.rapid7.com \newline % Row Count 13 (+ 1) {\bf{Nessus}} www.nessus.org% Row Count 14 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} % That's all folks \end{multicols*} \end{document}